Daily Archives: 01/07/2011

TDSS Botnet is Not Sophisticated, is Antiquated

Propagating mass-media scaremongering about the latest piece of malware is always a very good way to fill those blank pages of newspapers.

These days, it’s the turn of TDSS, yet another so-so malware that endures due to the lusers’ blatant incompetence. This so-called indestructible botnet features:

  • Snake-oil crypto: the best crypto! It cures all ailments!
  • C&C through the KAD network (Tor is just a misspelled Norse god!).
  • Cutting-edge MBR infection! (it seems the ’80s was such an obscure period that nothing from that age remains, except a much-much younger Madonna, go figure).
  • TDSS removes other malware, thank you very much: because this has never been attempted before and, I would say, it’s the easiest way to determine that a system has been infected.
  • A new and very innovative 64-bit kernel-mode driver: let’s just pretend the first 64-bit viruses were not written in 2004.
  • Other articles provide a much more detailed view of the evolution of this malware, this being the only thing to note about it.
  • Last, but not least, I don’t understand how they can claim that the botnet is indestructible when they have been able to reverse engineer the C&C protocol and to send queries to the servers.

I wonder when malware will catch up with the already published research from the field of cryptovirology. It would be wonderful to see a massive botnet, if you understand me, using advanced techniques such as questionable encryption, kleptography or homomorphic encryption applied to delegated computation. Then, we would be talking about a really indestructible botnet.

The Price of [Mobile] Freedom (II)

As a follow-up to my previous post about mobile subsidies, it’s important to note that new IFRS financial accounting rules affecting them are under discussion (IAS 18: Revenue in Relation to Bundled Sales), even though they are not expected to come by 2015. Traditionally, mobile revenue per month is recognised for the whole bundled mobile contract, the cost of the handset is expensed on the first day of the contract and the initial subsidised payment, if any, is reported; under the forthcoming accounting proposals, these subsidised contracts would be effectively unbundled and interest would be taken into consideration. That is, a receivable for the unsubsidised fair value of the terminal would be recognised on the first day and every monthly instalment would be proportionally split into two parts: a fraction to settle the terminal receivable with its corresponding interest income, the handset being recognised at inception of the contract, and the rest booked as revenue for the services.

These changes will provide a much more faithful view of the real nature of the current mobile business model: handsets are not just marketing expenses but integral to the whole mobile experience; therefore, their costs won’t be diffused with other charges, and profits and revenue will stop being misstated. On the other hand, the new approach is more imprudent, and the treatment of breaches of mobile contracts will introduce further unnecessary complexity.